Use AWS Config to create rules for detecting noncompliant AWS resources and then use AWS Macie to identify sensitive data and classify it according to the organization's data classification policy.

Use AWS Security Hub to collect and organize evidence of compliance with the data classification policy and then use AWS Config to create rules for detecting noncompliant AWS resources.

Use AWS Audit Manager to collect and organize evidence of compliance with the data classification policy and then use AWS Macie to identify sensitive data and classify it according to the organization's data classification policy.